Upload
mahendra-dhoni
View
233
Download
0
Embed Size (px)
Citation preview
7/29/2019 Ensuring Security in Oracle r12 Financials
1/47
Ensuring Securityin Oracle R12 Financials
A webcast presented by IT Convergence - September, 2010
7/29/2019 Ensuring Security in Oracle r12 Financials
2/47
IT Convergence 2010 All rights reserved.
Global Reach, Local Expertise
NEW YORK
CHICAGO
SAN FRANCISCO
SHANGHAIMEXICO HYDERABAD
BANGALORE
BUENOS AIRES
SAO PAULO
7/29/2019 Ensuring Security in Oracle r12 Financials
3/47
IT Convergence 2010 All rights reserved.
Taking Our Own Medicine
Used theE-Business Suite
since 2004
Upgradedto R12
in J anuary 2009
ImplementedOBIEE
in J anuary 2010
And we host our systems
7/29/2019 Ensuring Security in Oracle r12 Financials
4/47
IT Convergence 2010 All rights reserved.
On the Phone
Host Keith Thomas
Marketing Analyst
Presenter Margaret Wong
Strategic Education Services Manager
7/29/2019 Ensuring Security in Oracle r12 Financials
5/47
IT Convergence 2010 All rights reserved.
Agenda
New Security Features in Oracle Financials R12
Successive Layers of Access Control
Sign on Password Security
7/29/2019 Ensuring Security in Oracle r12 Financials
6/47
IT Convergence 2010 All rights reserved.
LedgerOne Repository of Financial Truth
US GAAPUS COAUS CalendarEUR
Ledger Bedger B
Reporting Currency
Implements the 4 Cs:Accounting MethodChart of AccountsCalendarCurrency
Implements the 4 Cmplements the 4 Cs::Accounting Methodounting MethodChart of Accountsart of AccountsCalendarlendarCurrencyrrency
The balance on Creditors (COA)
is 4.2M Euro (Currency)on March 31, 2010 (Calendar)
according to IAS/IFRS definitions (Accounting Method)
7/29/2019 Ensuring Security in Oracle r12 Financials
7/47
IT Convergence 2010 All rights reserved.
Ledger Sets
Global InformationAt A Glance
Ledger Setedger Setedger Set
Key benefits to many Ledgers in one set Decision-driving business information always available Simpler processing and General Ledger management Data and definitions that can be shared and secured
US GAAPUS COAUS CalendarUSD
US GAAPUS COAUS CalendarUSD
Ledger Cedger Cedger C
US GAAPUS COAUS CalendarEUR
Ledger Bedger BFrench RulesPlan ComptableFrench CalendarEUR
Ledger Aedger A
Share:Chart of AccountsCalendarShare:hare:Chart of Accountsart of AccountsCalendarlendar
Ledger Dedger Dedger D
Reporting Currency
US GAAPUS COAUS CalendarAUD
7/29/2019 Ensuring Security in Oracle r12 Financials
8/47
IT Convergence 2010 All rights reserved.
Ledger Sets
Grouping of ledgers with the same chart of accounts and
calendar/period type combination
Essentially treats multiple ledgers as one
7/29/2019 Ensuring Security in Oracle r12 Financials
9/47
IT Convergence 2010 All rights reserved.
Ledger Set
Open/Close Periods
Open/Close Periods Independently orSimultaneously
Create Journals
Allocations Across Ledgers
Recurring Journals for All Ledgers
Translate Balances
Translate Balances for All Ledgers
View Information
No Changing Responsibi lities
View Journals and Account Balances
Create Reports
Report on One or All Ledgers in a Ledger
Set
Perform the Following Across Ledgers:
Ledger 2
Ledger SetLedger Set
Ledger 1
Ledger 4
Ledger 3
7/29/2019 Ensuring Security in Oracle r12 Financials
10/47
IT Convergence 2010 All rights reserved.
Multi-Ledger Processing Benefits
Increased Operational Efficiency
Reduce setup and processing t ime by performing operations on
mult iple ledgers simultaneously
Greater Control over Processes
Control your processing for multiple ledgers regardless of
accounting setup e.g. Scheduling the creation of closing journals for multiple ledgers
Increased Data Accuracy
Keep all ledgers sync by keeping them on the same closeschedule
7/29/2019 Ensuring Security in Oracle r12 Financials
11/47
IT Convergence 2010 All rights reserved.
Definit ion Access Sets
Control Access to Setup Objects and Definitions
independently of Data Security
Secure Setup Objects and Definitions that are naturally
shared across ledgers and charts of accounts, such as FSG
Reports and Mass Allocations
Enable Setup Autonomy within Multi-Legal Entity Ledgers
Assigned to Responsibility, but access granted to User
7/29/2019 Ensuring Security in Oracle r12 Financials
12/47
IT Convergence 2010 All rights reserved.
Definit ion Access Sets
Accounting Calendars
AutoAllocations
AutoPost Criteria Sets
AutoReversal Criteria Sets
Budget Formulas
Budget Organizations
Chart of Accounts Mappings
Consolidation Definit ions
Consolidation Sets
Elimination Sets
FSG Reports and components
MassAllocations
MassBudgets
Rate Types
Recurring Journals
Revaluations
Transaction Calendars
Securable Definitions using Definition Access Sets
7/29/2019 Ensuring Security in Oracle r12 Financials
13/47
IT Convergence 2010 All rights reserved.
Definit ion Access Sets
Control Access to Definitions
UseUse ViewView ModifyModify
Financial Analyst Controller
Rent Allocation
Recurring Rent
Rent Allocation
Recurring Rent
FSG Reports
Revalutions
PrivilegesPrivileges
7/29/2019 Ensuring Security in Oracle r12 Financials
14/47
IT Convergence 2010 All rights reserved.
Data Access Set
Grant and tailor access to Ledgers and BalancingSegment Values (i.e. Companies, Stores, Branches, etc.)
7/29/2019 Ensuring Security in Oracle r12 Financials
15/47
IT Convergence 2010 All rights reserved.
Data Access Set:
Management Reporting and Security
y Management Segment
Optionally qualify a segment as the management segment to
perform management reporting Secure read and write access to Ledger/Management
Segment Value combinations using Data Access Sets
Management
Co CC Acct I/C
Balancing Cost Center Natural
AccountIntercompany
7/29/2019 Ensuring Security in Oracle r12 Financials
16/47
IT Convergence 2010 All rights reserved.
Data Access Set:
Management Reporting and Security
OU97
OS69
OX53
Co CC Acct I/C
Primary Ledger
LE
Managers enter adjustments usingtheir management segment value
Data access set security ensuresmanagers only update/view info. fortheir area of responsibility
7/29/2019 Ensuring Security in Oracle r12 Financials
17/47
IT Convergence 2010 All rights reserved.
Data Security by Application
Application Partitioned By
GL, FA Ledger
FA Asset Book
HR Business Group
OM, AR, AP, PO, CE, PA,
AS, SC, ASO, ASN, ASTOperating Unit
INV, MFG Inventory Organization
7/29/2019 Ensuring Security in Oracle r12 Financials
18/47
IT Convergence 2010 All rights reserved.
Cross Organization Reporting
Report at multiple levels:
Ledger
GRE/Legal Entity
Operating Unit
System profi le
MO: Top Reporting Level
Enhanced reporting features:
Reporting Level
Reporting Context
7/29/2019 Ensuring Security in Oracle r12 Financials
19/47
IT Convergence 2010 All rights reserved.
Organization Reporting
Options Ledger
MO: Top Reporting
Level is set to
Ledger.
Reporting Level
parameter is set toLedger.
Reporting Context
parameter is set to
Ledger 1.
OU1
Op Unit
Ledger 1
OU3
Op Unit
LE1
GRE/Legal entity
LE2
GRE/Legal entity
OU2
Op Unit
7/29/2019 Ensuring Security in Oracle r12 Financials
20/47
IT Convergence 2010 All rights reserved.
Organization ReportingOptions Legal Entity
MO: Top Reporting
Level is set to
GRE/Legal entity.
Reporting Level
parameter is set toGRE/Legal entity.
Reporting Context
parameter is set to
LE2.
OU2
Op Unit
OU3
Op Unit
Ledger
OU1
Op Unit
LE1
GRE/Legal entity
LE2
GRE/Legal entity
7/29/2019 Ensuring Security in Oracle r12 Financials
21/47
IT Convergence 2010 All rights reserved.
Organization ReportingOptions Operating Unit
MO: Top Reporting
Level is set to
Operating Unit.
Reporting Level
parameter is set toOperating Unit.
Reporting Context
parameter is set to
OU3.
OU1
Op Unit
OU2
Op Unit
OU3
Op Unit
Ledger 1
LE1
GRE/Legal enti ty
LE2
GRE/Legal entity
7/29/2019 Ensuring Security in Oracle r12 Financials
22/47
IT Convergence 2010 All rights reserved.
Multi Org Access Control
Responsibilityesponsibility Responsibilityesponsibility Responsibilityesponsibility
HollandLegal Entity
DenmarkLegal Entity
BelgiumLegal Entity
Functional Tasksy Order Managementy Dunning, Collections,
Billing
y Requisition, Demand &Purchase Orders
y Receiving & Drop Shipy Invoice Receipt,
Disbursement
y Customer DataManagement
y Accounting Setup
Functional Tasksy Order Managementy Dunning, Collections,
Billing
y Requisition, Demand &Purchase Orders
y Receiving & Drop Shipy Invoice Receipt,
Disbursement
y Customer DataManagement
y Accounting Setup
Single Responsibility
BelgiumOperating Unit
HollandOperating Unit
DenmarkOperating Unit
Perform multiple tasks across operating units without changingresponsibilities
Role based access to Operating Units
7/29/2019 Ensuring Security in Oracle r12 Financials
23/47
Oracle Security at the System Administration level
7/29/2019 Ensuring Security in Oracle r12 Financials
24/47
IT Convergence 2010 All rights reserved.
Functions
ReportsUser
Application
Responsibility
Oracle Security - Overview
7/29/2019 Ensuring Security in Oracle r12 Financials
25/47
IT Convergence 2010 All rights reserved.
Creating User Credentials
Defining a New User
Define an authorized user
of Oracle Applications byspecifying a username andpassword.
Grant applicationprivileges by assigningone or moreresponsibil ities to the user
Assign one or moreresponsibilities
Enter username and password
Require password changeLimit access attempts
Enter usersstart date
1
2
3
4
Steps 1, 3, and 4 are required
7/29/2019 Ensuring Security in Oracle r12 Financials
26/47
IT Convergence 2010 All rights reserved.
Oracle Responsibility Creation Process
Data groups
SecurityORACLE
DataGroup
Menus
ApplicationMenu
Responsibilities
Security
Responsibility
Define
Request groups
SecurityResponsibility
Requests
Users
Security
User
Define
7/29/2019 Ensuring Security in Oracle r12 Financials
27/47
IT Convergence 2010 All rights reserved.
Successive Layers of Access Control
Access Control is implemented in successive layers and each
layer builds upon the one that precedes it .
Self Service and Approvals
Registration Processes
Delegated Administration
Role Based Access Control
Data Security
Function Security
Optional
Required1
2
3
45
6
7/29/2019 Ensuring Security in Oracle r12 Financials
28/47
IT Convergence 2010 All rights reserved.
Oracle Function Security - Overview
Function Security The most granular layer of accesscontrol
Restricts user access to the individual menus andmenu options
Provides specific object access control on pages
Each elements is represented by a permission
Order Entry example:
Controls users ability to create a new order or evenaccess the page
7/29/2019 Ensuring Security in Oracle r12 Financials
29/47
IT Convergence 2010 All rights reserved.
Oracle Function Security Managing Function
Security
Restricts user access to theindividual menus and menuoptions
Add or Remove Functions froma Responsibil ity
Maintain menu structureswhile eliminating specific
functionality
Exclude individual functionsfrom a responsibi lity
Menu Level 1
Menu Level 3
Menu Level 2
Function C
Function D
Function A
Function E
Function A
Function B
Subfunction A
Subfunction B
Subfunction A
Menu Level 3
Menu Level 2
7/29/2019 Ensuring Security in Oracle r12 Financials
30/47
IT Convergence 2010 All rights reserved.
The second layer of access control
Provides access to the data a user can view and the
actions a user can perform on that data
Restricts access to individual what actions a user can
perform on that data
Data Security Policies can reflect access to:
All Instances
An Instance Set
A Specific Instance
Data Security - Overview
7/29/2019 Ensuring Security in Oracle r12 Financials
31/47
IT Convergence 2010 All rights reserved.
Grants in regard to business objects are part of Data
Security Policies
Grants in regard to a set of an applications functionality
are part of Function Security
Three Types of Grantees:
A group of users
A specific user
All users (global)
Data Security - Grants
7/29/2019 Ensuring Security in Oracle r12 Financials
32/47
IT Convergence 2010 All rights reserved.
A permission is defined as an approval to perform an
operation on an object
Permissions can be grouped into permission sets
Permission sets can be granted to users or roles
independently of menus or responsibilit ies
Data Security Permissions and Permission Sets
7/29/2019 Ensuring Security in Oracle r12 Financials
33/47
IT Convergence 2010 All rights reserved.
Oracle User Management
The Oracle E-Business Suite Diagnostics security model has
been rewritten based on Role Based Access Control (RBAC -since ~ Nov. 2004)
External regulatory and auditing considerations
RBAC allows for more granular security:
Consolidate responsibilities, permissions, functionsecurity and data security policies
One-time permission set up
Structure user access control based upon users jobfunctions
7/29/2019 Ensuring Security in Oracle r12 Financials
34/47
IT Convergence 2010 All rights reserved.
Delegated Administration
Delegated Administration
Is a privilege model that builds on the RBAC system.
Provides organizations with the abili ty to assign the required
access rights for managing roles and user accounts.
Four types of privi leges:
Administration Privileges
User Administration Privileges
Role Administration Privileges
Organization Administration Privileges
7/29/2019 Ensuring Security in Oracle r12 Financials
35/47
IT Convergence 2010 All rights reserved.
Registration Processes
Registration processes are predefined registration
components
Oracle User Management contains the following
registration processes:
Self-Service Account Requests
Requests for Addit ional Access
Account Creation By Administrators
7/29/2019 Ensuring Security in Oracle r12 Financials
36/47
IT Convergence 2010 All rights reserved.
Self Service and Approvals
End users can perform self-service registration tasks:
Obtain new user accounts
Request additional access to the system
Reset Passwords
7/29/2019 Ensuring Security in Oracle r12 Financials
37/47
Password and Sign On Security
7/29/2019 Ensuring Security in Oracle r12 Financials
38/47
IT Convergence 2010 All rights reserved.
Signon Password Security: Password Expiration
7/29/2019 Ensuring Security in Oracle r12 Financials
39/47
IT Convergence 2010 All rights reserved.
Password Profile Options Failure Limit
7/29/2019 Ensuring Security in Oracle r12 Financials
40/47
IT Convergence 2010 All rights reserved.
Password Profile Options Hard to Guess
7/29/2019 Ensuring Security in Oracle r12 Financials
41/47
IT Convergence 2010 All rights reserved.
Password Profile Options Password Length
7/29/2019 Ensuring Security in Oracle r12 Financials
42/47
IT Convergence 2010 All rights reserved.
Password Profile Options Password No Reuse
7/29/2019 Ensuring Security in Oracle r12 Financials
43/47
IT Convergence 2010 All rights reserved.
Password Profile Options Case
7/29/2019 Ensuring Security in Oracle r12 Financials
44/47
IT Convergence 2010 All rights reserved.
Future Events
www.itconvergence.com
Make R12 Subledger
Functionalit ies Work For You
CRM solutions for Oracle E-
Business Suite Users -
Comparing the Market Leaderwith Oracle's Alternatives
Date October 4th, 2010 Date October 20th, 2010
Time 8:00 amPST Time 8:00 amPST
Register today at:
OAUG & IT CONVERGENCE
7/29/2019 Ensuring Security in Oracle r12 Financials
45/47
IT Convergence 2010 All rights reserved.www.itconvergence.com/workshops
R12
Preparing for an Oracle R12 Upgrade
Oracle R12 HRMS - Implement Oracle HR
Oracle R12 Project Accounting
Oracle R12 HRMS Compensation Workbench
Oracle R12 Financials New Features
Documentation and Compliance with Oracle Tutor & UPK
Expediting Month End Close with Oracle R12
BUSINESS INTELLIGENCE
OBIEE for Administrators
OBIEE for End Users
Reporting Options for Oracle E-Business Suite
Workshops are available in:
New York San FranciscoAtlanta DenverDallas Madison
Check our website for full information!
7/29/2019 Ensuring Security in Oracle r12 Financials
46/47
IT Convergence 2010 All rights reserved.
Stay Connected
If you need additional information check out:
Are You Ready for Oracle R12?
The Oracle Application Workshops sponsored by IT
Convergence and the OAUG
http://www.itconvergence.com/portal/page?_pageid=33,8230501&_dad=portal&_schema=PORTALhttp://www.itconvergence.com/workshopshttp://www.itconvergence.com/workshopshttp://www.itconvergence.com/portal/page?_pageid=33,8230501&_dad=portal&_schema=PORTAL7/29/2019 Ensuring Security in Oracle r12 Financials
47/47